Subscription to the full report on a daily basis can be obtained:
Send an eMail to dhsdailyadmin@mail.dhs.osis.gov with the subject "DHS Daily Open Source Infrastructure Report" and the following line in the body...subscribe.
To obtain a complete copy of the current report proceed to the DHS link below.
To obtain reports more than 10 business days old, send an eMail to DHS_Reports@e-computer-security.com. Be specific as to the reports you wish to receive.

• The former New York State Assembly speaker was charged November 30 for 7 counts of honest services fraud, extortion, and money laundering after gaining $4 million in kickbacks. – New York Times. See item 9 below in the Financial Services Sector.

• Plano, Texas officials reported November 30 that heavy rainfall and overflows in aged pipes caused more than 300,000 gallons of water to leak from 8 sewage spills over the weekend of November 28. – Dallas Morning News

• An audit of the Louisiana State University (LSU) Health Care Services Division revealed November 30 that nearly $6 million in state-owned hospital equipment could not be located and over $15 million in equipment for the LSU Medical Center was not properly recorded. – Associated Press

16. November 30, Associated Press – (Louisiana) $6 million in equipment missing from state hospitals, audit says. An audit of the Louisiana State University (LSU) Health Care Services Division conducted by the State’s legislative auditor was released November 30 and found that nearly $6 million in state-owned hospital equipment could not be located and that over $15 million in equipment bought for the LSU Medical Center in New Orleans was not properly recorded and tagged before it was turned over to the hospital operator. LSU stated that it is working to locate and properly tag all medical equipment purchased.

8. November 30, U.S. Securities and Exchange Commission – (International) Standard Bank to pay $4.2 million to settle SEC charges. Officials from the U.S. Securities and Exchange Commission (SEC) reported November 30 that London-based Standard Bank Plc was charged with violating the Foreign Corrupt Practices Act by failing to disclose a payment of $6 million made by the Bank affiliate to a firm with no substantial role in a $600 million debt transaction with the Government of Tanzania in 2013. The Bank agreed to pay the SEC $4.2 million in settlements and is also facing action on the part of the United Kingdom’s Serious Fraud Office. Source: http://www.sec.gov/news/pressrelease/2015-268.html

9. November 30, New York Times – (New York) Ex-New York Assembly speaker, is found guilty on all counts. The former speaker of the New York State Assembly was found guilty in New York City November 30 on 7 counts of honest services fraud, extortion, and money laundering for his role in a scheme in which he gained $4 million in kickbacks from a cancer research center and 2 real estate firms that he subsequently hid in Weitz & Luxenberg firm. Source: http://www.nytimes.com/2015/12/01/nyregion/sheldon-silver-guilty-corruption-trial.html

10. November 30, WWLP 22 Springfield – (Massachusetts) Florida man charged with wire fraud in western Mass. A Florida man was charged November 30 for his role in an investment scheme from 2008 – 2012 in which he falsely promised 23 investors inflated returns on $600,000 worth of investments of which he used some for personal gain. The suspect also wrote 40 bad checks worth nearly $1.8 million when investors asked for their money back. Source: http://wwlp.com/2015/11/30/florida-man-charged-with-wire-fraud-in-western-mass/

Information Technology Sector

22. December 1, Securityweek – (International) Unpatched flaws allow hackers to compromise Belkin routers. A researcher discovered multiple vulnerabilities affecting Belkin’s N150 wireless home routers, including an HTML/script injection that affects the “language” parameter and causes the device’s web interface to become inoperable; a session hijacking vulnerability that allows an attacker to easily obtain data through a brute force attack due to the fixed state of the session ID as a hexadecimal string; and a remote control access flaw that allows an attacker to gain root privileges, among other vulnerabilities. Source: http://www.securityweek.com/unpatched-flaws-allow-hackers-compromise-belkin-routers

23. December 1, Securityweek – (International) Schneider patches RCE flaws in ProClima software. Schneider Electric released security updates for its ProClima product addressing a series of vulnerabilities, including a remote code execution (RCE) flaw that can enable a remote attacker to execute unauthorized code via ActiveX controls connected to the Internet Explorer web browser. The products were distributed to the U.S. and Europe and affect sectors such as energy, critical manufacturing, and commercial facilities. Source: http://www.securityweek.com/schneider-patches-rce-flaws-proclima-software

24. December 1, Securityweek – (International) Videofied Alarm System flaws allow hackers to intercept data. Researchers from U.K.-based Cybergibbons identified high severity vulnerabilities in RSI Video Technologies’ Videofied alarm systems, including the CVE-2015-8252 and CVE-2015-8253 flaws that allow remote attackers to obtain the device’s authentication key from its serial number transmitted through plain text and enable hackers to spoof alarms and intercept data including messages and videos in the form of plain text and MJPEG files. The vulnerabilities affect devices sold in over 70 countries. Source: http://www.securityweek.com/videofied-alarm-system-flaws-allow-hackers-intercept-data

25. November 30, Securityweek – (International) OpenSSL to patch several vulnerabilities. The OpenSSL Project announced November 30 that it will be releasing scheduled updates December 3 addressing several OpenSSL vulnerabilities ranging from low to high security levels, including flaws that can be exploited remotely to compromise the server private key, vulnerabilities that disclose contents of server memory, and flaws where remote code execution is possible in common situations. Source: http://www.securityweek.com/openssl-patch-several-vulnerabilities

Communications Sector

26. December 1, WDTN 2 Dayton – (National) Time Warner Cable recovering from massive outage. Time Warner Cable worked to restore Internet and cable services December 1 following a reported outage that affected over 16,000 customers across several States November 30.

About Me

U.S. Army Retired Chief Warrant Officer with more than 40 years in information technology and 35 years in information security. Became a Certified Information Systems Security Professional in 1995 and have taught computer security in Asia, Canada and the United States. Wrote a computer security column for 5 years in the 1980s titled "for the Sake Of Security", penname R. E. (Bob) Johnston, which was published in Computer Decisions.
Motto: "When entrusted to process, you are obligated to safeguard"